From fa8cac25549e6b63c19a4e917ac4b8c5958adcd1 Mon Sep 17 00:00:00 2001 From: arvindsinghtomar Date: Wed, 22 Mar 2017 17:10:53 +0530 Subject: [PATCH 1/9] id_token validation --- .../net/openid/appauthdemo/TokenActivity.java | 39 ++++- .../openid/appauth/AuthorizationService.java | 135 ++++++++++++++++++ library/java/net/openid/appauth/Utils.java | 16 +++ 3 files changed, 189 insertions(+), 1 deletion(-) diff --git a/app/java/net/openid/appauthdemo/TokenActivity.java b/app/java/net/openid/appauthdemo/TokenActivity.java index c50e4722..0d627f73 100644 --- a/app/java/net/openid/appauthdemo/TokenActivity.java +++ b/app/java/net/openid/appauthdemo/TokenActivity.java @@ -294,6 +294,16 @@ private void performTokenRequest( callback); } + @MainThread + private void performTokenValidation( + TokenResponse response, + AuthorizationService.TokenValidationResponseCallback callback) { + + mAuthService.performTokenValidation( + response, + callback); + } + @WorkerThread private void handleAccessTokenResponse( @Nullable TokenResponse tokenResponse, @@ -302,7 +312,7 @@ private void handleAccessTokenResponse( runOnUiThread(this::displayAuthorized); } - @WorkerThread + @MainThread private void handleCodeExchangeResponse( @Nullable TokenResponse tokenResponse, @Nullable AuthorizationException authException) { @@ -316,7 +326,34 @@ private void handleCodeExchangeResponse( //noinspection WrongThread runOnUiThread(() -> displayNotAuthorized(message)); } else { + if (tokenResponse != null + && tokenResponse.idToken != null + && tokenResponse.request.configuration.discoveryDoc != null) { + performTokenValidation( + tokenResponse, + this::handleTokenValidationResponse); + } else { + final String message = "Failed to perform id_token validation"; + + // WrongThread inference is incorrect for lambdas + //noinspection WrongThread + runOnUiThread(() -> displayNotAuthorized(message)); + } + } + } + + @WorkerThread + private void handleTokenValidationResponse( + boolean isTokenValid, + @Nullable AuthorizationException authException) { + if (isTokenValid) { runOnUiThread(this::displayAuthorized); + } else { + final String message = "Invalid id_token"; + + // WrongThread inference is incorrect for lambdas + //noinspection WrongThread + runOnUiThread(() -> displayNotAuthorized(message)); } } diff --git a/library/java/net/openid/appauth/AuthorizationService.java b/library/java/net/openid/appauth/AuthorizationService.java index 1e05202b..932e221f 100644 --- a/library/java/net/openid/appauth/AuthorizationService.java +++ b/library/java/net/openid/appauth/AuthorizationService.java @@ -34,14 +34,19 @@ import net.openid.appauth.browser.BrowserDescriptor; import net.openid.appauth.browser.BrowserSelector; + +import org.json.JSONArray; import org.json.JSONException; import org.json.JSONObject; +import java.io.BufferedInputStream; import java.io.IOException; import java.io.InputStream; import java.io.OutputStreamWriter; +import java.io.UnsupportedEncodingException; import java.net.HttpURLConnection; import java.net.URLConnection; +import java.util.Calendar; import java.util.Map; @@ -279,6 +284,19 @@ public void performRegistrationRequest( new RegistrationRequestTask(request, callback).execute(); } + /** + * Performs ID token validation. + */ + public void performTokenValidation( + @NonNull TokenResponse response, + @NonNull TokenValidationResponseCallback callback) { + checkNotDisposed(); + Logger.debug("Initiating token validation request to %s", + response.request.configuration.discoveryDoc.getJwksUri()); + new TokenValidationRequestTask(response, callback) + .execute(); + } + /** * Disposes state that will not normally be handled by garbage collection. This should be * called when the authorization service is no longer required, including when any owning @@ -562,4 +580,121 @@ public interface RegistrationResponseCallback { void onRegistrationRequestCompleted(@Nullable RegistrationResponse response, @Nullable AuthorizationException ex); } + + private class TokenValidationRequestTask + extends AsyncTask { + private TokenResponse mResponse; + private TokenValidationResponseCallback mCallback; + + private AuthorizationException mException; + + TokenValidationRequestTask(TokenResponse request, + TokenValidationResponseCallback callback) { + mResponse = request; + mCallback = callback; + } + + @Override + protected JSONObject doInBackground(Void... voids) { + InputStream is = null; + try { + Uri uri = (mResponse.request.configuration.discoveryDoc.getJwksUri()); + HttpURLConnection conn = + mClientConfiguration.getConnectionBuilder() + .openConnection(uri); + conn.setRequestMethod("GET"); + //conn.setDoOutput(true); + + is = new BufferedInputStream(conn.getInputStream()); + // readStream(in); + String response = Utils.readInputStream(is); + return new JSONObject(response); + } catch (IOException ex) { + Logger.debugWithStack(ex, "Failed to complete token validation request"); + mException = AuthorizationException.fromTemplate( + GeneralErrors.NETWORK_ERROR, ex); + } catch (JSONException ex) { + Logger.debugWithStack(ex, "Failed to complete token validation request"); + mException = AuthorizationException.fromTemplate( + GeneralErrors.JSON_DESERIALIZATION_ERROR, ex); + } finally { + Utils.closeQuietly(is); + } + return null; + } + + @Override + protected void onPostExecute(JSONObject json) { + JSONObject requiredJson = null; + + try { + String[] split = mResponse.idToken.split("\\."); + + String decodeTokenHeader = Utils.decodeBase64urlNoPadding(split[0]); + String decodeTokenBody = Utils.decodeBase64urlNoPadding(split[1]); + + JSONObject jsonObjectHeader = new JSONObject(decodeTokenHeader); + JSONObject jsonObjectBody = new JSONObject(decodeTokenBody); + + JSONArray jsonArray = json.getJSONArray("keys"); + + for (int i = 0; i < jsonArray.length(); i++) { + if (jsonArray.getJSONObject(i).optString("alg") + .contains(jsonObjectHeader.getString("alg"))) { + requiredJson = jsonArray.getJSONObject(i); + break; + } + } + + Logger.debug("Token validation with %s completed", + this.mResponse.request.configuration + .discoveryDoc.getJwksUri()); + + if (mException != null + || requiredJson == null + || !json.optString("error", "").equals("") + || !jsonObjectHeader.getString("kid").equals(requiredJson.getString("kid")) + || !jsonObjectBody.getString("aud").equals(mResponse.request + .getRequestParameters().get("client_id"))) { + mCallback.onTokenValidationRequestCompleted(false, mException); + return; + } + + Calendar calendar = Calendar.getInstance(); + calendar.setTimeInMillis(Long.parseLong(jsonObjectBody.getString("exp")) + * Long.parseLong("1000")); + calendar.getTimeInMillis(); + + if (calendar.getTimeInMillis() > System.currentTimeMillis()) { + mCallback.onTokenValidationRequestCompleted(true, null); + } else { + mCallback.onTokenValidationRequestCompleted(false, mException); + } + } catch (UnsupportedEncodingException | JSONException e) { + mCallback.onTokenValidationRequestCompleted(false, mException); + } + } + } + + /** + * Callback interface for token validation endpoint. + * @see AuthorizationService#performTokenValidation + */ + public interface TokenValidationResponseCallback { + /** + * Invoked when the request completes successfully. + * + * Exactly one of `isTokenValid` or `ex` will be non-null. If `isTokenValid` is `null`, + * a failure occurred during the request. This can happen if a bad URI was provided, + * no connection to the server could be established, or the JSON was incomplete or + * incorrectly formatted. + * + * @param isTokenValid the boolean value which represents if a token is valid or not. + * @param ex a description of the failure, if one occurred: `null` otherwise. + * @see AuthorizationException.TokenRequestErrors + */ + void onTokenValidationRequestCompleted(boolean isTokenValid, + @Nullable AuthorizationException ex); + } + } diff --git a/library/java/net/openid/appauth/Utils.java b/library/java/net/openid/appauth/Utils.java index 000a65b4..7250d41e 100644 --- a/library/java/net/openid/appauth/Utils.java +++ b/library/java/net/openid/appauth/Utils.java @@ -14,10 +14,13 @@ package net.openid.appauth; +import android.util.Base64; + import java.io.BufferedReader; import java.io.IOException; import java.io.InputStream; import java.io.InputStreamReader; +import java.io.UnsupportedEncodingException; /** * Utility class for common operations. @@ -55,4 +58,17 @@ public static void closeQuietly(InputStream in) { // deliberately do nothing } } + + /** + * Decodes Base 64 url. + */ + public static String decodeBase64urlNoPadding(String strEncoded) + throws UnsupportedEncodingException { + if (strEncoded != null) { + byte[] decodedBytes = Base64.decode(strEncoded, Base64.NO_PADDING); + return new String(decodedBytes, "UTF-8"); + } else { + return ""; + } + } } From b24d549ace72eba73bd8589800ee27671ef6ed0e Mon Sep 17 00:00:00 2001 From: arvindsinghtomar Date: Mon, 27 Mar 2017 13:27:28 +0530 Subject: [PATCH 2/9] added url_safe flag to decode base 64 url and client id fix in token validation logic --- library/java/net/openid/appauth/AuthorizationService.java | 7 +++---- library/java/net/openid/appauth/Utils.java | 4 ++-- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/library/java/net/openid/appauth/AuthorizationService.java b/library/java/net/openid/appauth/AuthorizationService.java index 10fe8c2a..e6818e83 100644 --- a/library/java/net/openid/appauth/AuthorizationService.java +++ b/library/java/net/openid/appauth/AuthorizationService.java @@ -627,8 +627,8 @@ protected void onPostExecute(JSONObject json) { try { String[] split = mResponse.idToken.split("\\."); - String decodeTokenHeader = Utils.decodeBase64urlNoPadding(split[0]); - String decodeTokenBody = Utils.decodeBase64urlNoPadding(split[1]); + String decodeTokenHeader = Utils.decodeBase64url(split[0]); + String decodeTokenBody = Utils.decodeBase64url(split[1]); JSONObject jsonObjectHeader = new JSONObject(decodeTokenHeader); JSONObject jsonObjectBody = new JSONObject(decodeTokenBody); @@ -651,8 +651,7 @@ protected void onPostExecute(JSONObject json) { || requiredJson == null || !json.optString("error", "").equals("") || !jsonObjectHeader.getString("kid").equals(requiredJson.getString("kid")) - || !jsonObjectBody.getString("aud").equals(mResponse.request - .getRequestParameters().get("client_id"))) { + || !jsonObjectBody.getString("aud").equals(mResponse.request.clientId)) { mCallback.onTokenValidationRequestCompleted(false, mException); return; } diff --git a/library/java/net/openid/appauth/Utils.java b/library/java/net/openid/appauth/Utils.java index 7250d41e..e0483f79 100644 --- a/library/java/net/openid/appauth/Utils.java +++ b/library/java/net/openid/appauth/Utils.java @@ -62,10 +62,10 @@ public static void closeQuietly(InputStream in) { /** * Decodes Base 64 url. */ - public static String decodeBase64urlNoPadding(String strEncoded) + public static String decodeBase64url(String strEncoded) throws UnsupportedEncodingException { if (strEncoded != null) { - byte[] decodedBytes = Base64.decode(strEncoded, Base64.NO_PADDING); + byte[] decodedBytes = Base64.decode(strEncoded, Base64.NO_PADDING | Base64.URL_SAFE); return new String(decodedBytes, "UTF-8"); } else { return ""; From 05a1373479e02451a7eade8ce4ba7f5b3589c898 Mon Sep 17 00:00:00 2001 From: arvindsinghtomar Date: Mon, 17 Jul 2017 14:37:45 +0530 Subject: [PATCH 3/9] Create Readme-Gluu.md --- app/Readme-Gluu.md | 137 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 137 insertions(+) create mode 100644 app/Readme-Gluu.md diff --git a/app/Readme-Gluu.md b/app/Readme-Gluu.md new file mode 100644 index 00000000..c57dd887 --- /dev/null +++ b/app/Readme-Gluu.md @@ -0,0 +1,137 @@ +# Using AppAuth with [Gluu](https://gluu.org/docs/) + + +The Gluu Server is a free open source identity and access management (IAM) platform. The Gluu Server is a container distribution composed of software written by Gluu and incorporated from other open source projects. configuration is quick and simple. + +If you do not already have a Gluu Server, you can [read the docs](http://gluu.org/docs/ce) to learn how to download and deploy the software for free. +## Creating OpenID Client on Gluu server + +First of all install and login to your gluu server than follow steps below:- + + 1. After login, navigate to https://{{Your_gluu_server_domain}}/identity/client/inventory and select **Add Client** + 1. Entre required values to fields( minimum required fileds are :- Client Name,Client Secret,Application Type,Pre-Authorization,Persist Client Authorizations,Logout Session Required) + 1. Choose **Native** or **web** as the Application Type. + 1. Scroll to bottom and you will find **"Add Grand type"** button click on it and select **Authorization Code** as Grant type in opened popup. click ok button in popup to save settings. + 1. Redirect URIs can be like this (**"appscheme://client.example.com"**) + 1. Populate your new OpenID Connect application with values similar to: + 1. Copy the **Client ID**, as it will be needed for the client configuration. + 1. Click **Finish** to redirect back to the *General Settings* of your application. + + +**Note:-** You can also create OpenID Clients by using gluu's oxAuth-rp client + Link for oxAuth-Rp will be https://{{Your_gluu_server_domain}}/oxauth-rp/home.htm + + + +### Clone the project +https://github.com/openid/AppAuth-Android.git + + clone project from give repo and do following changes is code. + + Finally, within your application update ``res/raw/auth_config.json`` with your settings. You will get a warning if it is incomplete or invalid. Here is an example JSON configuration: + +```json +{ + "client_id": "{{YourClientID}}", + "redirect_uri": "appscheme://client.example.com", + "client_secret": "{{Your_client_secret}}", + "authorization_scope": "openid email profile", + "discovery_uri": "https://{{your_idp_domain}}/.well-known/openid-configuration", + "authorization_endpoint_uri": "", + "token_endpoint_uri": "", + "registration_endpoint_uri": "", + "https_required": true +} +``` + +**Note :-** According to [issue](https://github.com/openid/AppAuth-Android/issues/90) using client secrete in project is not adviced you must need to find way keep client secrete safe in application. +To pass client secret with token refresh we need to change some minor changes in Demo code. + +1. **net.openid.appauthdemo.Configuration** :- + + 1. create field for client_secret + ```java + private String mClientSecret; + ``` + + 2. In readConfiguration() method add parser for client_secret like this + ```java + mClientSecret= getConfigString("client_secret"); + ``` + + 3. create a getter method for mClientSecret + ```java + @Nullable + public String getClientSecret() { + return mClientSecret; + } + ``` + + +2. **net.openid.appauthdemo.Configuration.TokenActivity** + + 1. Change performTokenRequest with this code. + + ```java + @MainThread + private void performTokenRequest( + TokenRequest request, + AuthorizationService.TokenResponseCallback callback) { + ClientAuthentication clientAuthentication; + if (Configuration.getInstance(TokenActivity.this).getClientSecret() != null) { + clientAuthentication = new ClientSecretBasic(Configuration.getInstance(TokenActivity.this).getClientSecret()); + + } else { + try { + clientAuthentication = mStateManager.getCurrent().getClientAuthentication(); + } catch (ClientAuthentication.UnsupportedAuthenticationMethod ex) { + Log.d(TAG, "Token request cannot be made, client authentication for the token " + + "endpoint could not be constructed (%s)", ex); + displayNotAuthorized("Client authentication method is unsupported"); + return; + } + } + mAuthService.performTokenRequest( + request, + clientAuthentication, + callback); + } + ``` + +# +# Gluu AppAuth Dynamic Registration. + +### changes in xml file: + +> If we keep **client_id** and **client_secret** blank string in ``res/raw/auth_config.json`` application will automatically register new client to dynamic registration end point. + + +We need to add header in library in request in the method RegistrationRequestTask in the file called AuthorizationService.java +Path to the file is /library/java/net/openid/appauth/AuthorizationService.java. + +```java +conn.setRequestProperty("Content-Type", "application/json"); +``` + +--- + + +And also change the manifest file and change the activity tag to + + +```xml + + + + + + + + + + +``` + + + +So that all the URIs that matches "example.gluu.org" are opened in the app itself From 3e57f80528bd7b73767a8fc98bf10692c252c431 Mon Sep 17 00:00:00 2001 From: arvindsinghtomar Date: Mon, 17 Jul 2017 15:03:16 +0530 Subject: [PATCH 4/9] Update Readme-Gluu.md --- app/Readme-Gluu.md | 31 +------------------------------ 1 file changed, 1 insertion(+), 30 deletions(-) diff --git a/app/Readme-Gluu.md b/app/Readme-Gluu.md index c57dd887..2a03effe 100644 --- a/app/Readme-Gluu.md +++ b/app/Readme-Gluu.md @@ -101,37 +101,8 @@ To pass client secret with token refresh we need to change some minor changes in # # Gluu AppAuth Dynamic Registration. -### changes in xml file: +### changes in auth_config.json file: > If we keep **client_id** and **client_secret** blank string in ``res/raw/auth_config.json`` application will automatically register new client to dynamic registration end point. -We need to add header in library in request in the method RegistrationRequestTask in the file called AuthorizationService.java -Path to the file is /library/java/net/openid/appauth/AuthorizationService.java. - -```java -conn.setRequestProperty("Content-Type", "application/json"); -``` - ---- - - -And also change the manifest file and change the activity tag to - - -```xml - - - - - - - - - - -``` - - - -So that all the URIs that matches "example.gluu.org" are opened in the app itself From 13217f5d0b1454d7384737e69386a76f155549f2 Mon Sep 17 00:00:00 2001 From: arvindsinghtomar Date: Mon, 17 Jul 2017 15:10:41 +0530 Subject: [PATCH 5/9] Update Readme-Gluu.md --- app/Readme-Gluu.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/Readme-Gluu.md b/app/Readme-Gluu.md index 2a03effe..20a3fd48 100644 --- a/app/Readme-Gluu.md +++ b/app/Readme-Gluu.md @@ -15,7 +15,7 @@ First of all install and login to your gluu server than follow steps below:- 1. Redirect URIs can be like this (**"appscheme://client.example.com"**) 1. Populate your new OpenID Connect application with values similar to: 1. Copy the **Client ID**, as it will be needed for the client configuration. - 1. Click **Finish** to redirect back to the *General Settings* of your application. + 1. Click **Add** to creat a new client **Note:-** You can also create OpenID Clients by using gluu's oxAuth-rp client From fe2ad2e8b244d1c6dff685b56f5611896a5d13a6 Mon Sep 17 00:00:00 2001 From: arvindsinghtomar Date: Mon, 17 Jul 2017 15:33:52 +0530 Subject: [PATCH 6/9] Update Readme-Gluu.md --- app/Readme-Gluu.md | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/app/Readme-Gluu.md b/app/Readme-Gluu.md index 20a3fd48..8f2bb8ee 100644 --- a/app/Readme-Gluu.md +++ b/app/Readme-Gluu.md @@ -1,7 +1,7 @@ # Using AppAuth with [Gluu](https://gluu.org/docs/) -The Gluu Server is a free open source identity and access management (IAM) platform. The Gluu Server is a container distribution composed of software written by Gluu and incorporated from other open source projects. configuration is quick and simple. +The Gluu Server is a free open source identity and access management (IAM) platform. The Gluu Server is a container distribution composed of software written by Gluu and incorporated from other open source projects. Configuration of Gluu server is quick and simple. If you do not already have a Gluu Server, you can [read the docs](http://gluu.org/docs/ce) to learn how to download and deploy the software for free. ## Creating OpenID Client on Gluu server @@ -15,7 +15,7 @@ First of all install and login to your gluu server than follow steps below:- 1. Redirect URIs can be like this (**"appscheme://client.example.com"**) 1. Populate your new OpenID Connect application with values similar to: 1. Copy the **Client ID**, as it will be needed for the client configuration. - 1. Click **Add** to creat a new client + 1. Click **Finish** to redirect back to the *General Settings* of your application. **Note:-** You can also create OpenID Clients by using gluu's oxAuth-rp client @@ -26,7 +26,7 @@ First of all install and login to your gluu server than follow steps below:- ### Clone the project https://github.com/openid/AppAuth-Android.git - clone project from give repo and do following changes is code. + clone project from given repo and do following changes in code. Finally, within your application update ``res/raw/auth_config.json`` with your settings. You will get a warning if it is incomplete or invalid. Here is an example JSON configuration: @@ -44,8 +44,8 @@ https://github.com/openid/AppAuth-Android.git } ``` -**Note :-** According to [issue](https://github.com/openid/AppAuth-Android/issues/90) using client secrete in project is not adviced you must need to find way keep client secrete safe in application. -To pass client secret with token refresh we need to change some minor changes in Demo code. +**Note :-** According to [issue](https://github.com/openid/AppAuth-Android/issues/90) using client secrete in project is not adviced. You must need to a find way keep client secret safe in application. +To pass client secret with token refresh we need to change some minor changes in demo code. 1. **net.openid.appauthdemo.Configuration** :- @@ -101,8 +101,9 @@ To pass client secret with token refresh we need to change some minor changes in # # Gluu AppAuth Dynamic Registration. -### changes in auth_config.json file: +### changes in xml file: + +> If we keep **client_id** and **client_secret** blank string in ``res/raw/auth_config.json`` application will automatically register new client to dynamic registration end point. -> If we keep **client_id** and **client_secret** blank string in ``res/raw/auth_config.json`` application will automatically register new client to dynamic registration end point. From 68fbe40814e4f82a684a9541f00457ff23cf2305 Mon Sep 17 00:00:00 2001 From: arvindsinghtomar Date: Thu, 20 Jul 2017 12:14:01 +0530 Subject: [PATCH 7/9] made changes according comments by @iainmcgin on pull request. --- .../openid/appauth/AuthorizationService.java | 267 +++++++++--------- 1 file changed, 133 insertions(+), 134 deletions(-) diff --git a/library/java/net/openid/appauth/AuthorizationService.java b/library/java/net/openid/appauth/AuthorizationService.java index c516d985..7e8949e6 100644 --- a/library/java/net/openid/appauth/AuthorizationService.java +++ b/library/java/net/openid/appauth/AuthorizationService.java @@ -36,6 +36,7 @@ import net.openid.appauth.browser.BrowserSelector; import org.json.JSONArray; + import net.openid.appauth.browser.CustomTabManager; import net.openid.appauth.internal.Logger; import net.openid.appauth.internal.UriUtil; @@ -91,14 +92,14 @@ public AuthorizationService(@NonNull Context context) { * leaks (see {@link #dispose()}. */ public AuthorizationService( - @NonNull Context context, - @NonNull AppAuthConfiguration clientConfiguration) { + @NonNull Context context, + @NonNull AppAuthConfiguration clientConfiguration) { this(context, - clientConfiguration, - BrowserSelector.select( - context, - clientConfiguration.getBrowserMatcher()), - new CustomTabManager(context)); + clientConfiguration, + BrowserSelector.select( + context, + clientConfiguration.getBrowserMatcher()), + new CustomTabManager(context)); } /** @@ -142,13 +143,13 @@ public CustomTabsIntent.Builder createCustomTabsIntentBuilder(Uri... possibleUri * If the user cancels the authorization request, the current activity will regain control. */ public void performAuthorizationRequest( - @NonNull AuthorizationRequest request, - @NonNull PendingIntent completedIntent) { + @NonNull AuthorizationRequest request, + @NonNull PendingIntent completedIntent) { performAuthorizationRequest( - request, - completedIntent, - null, - createCustomTabsIntentBuilder().build()); + request, + completedIntent, + null, + createCustomTabsIntentBuilder().build()); } /** @@ -162,14 +163,14 @@ public void performAuthorizationRequest( * {@link PendingIntent cancel PendingIntent} will be invoked. */ public void performAuthorizationRequest( - @NonNull AuthorizationRequest request, - @NonNull PendingIntent completedIntent, - @NonNull PendingIntent canceledIntent) { + @NonNull AuthorizationRequest request, + @NonNull PendingIntent completedIntent, + @NonNull PendingIntent canceledIntent) { performAuthorizationRequest( - request, - completedIntent, - canceledIntent, - createCustomTabsIntentBuilder().build()); + request, + completedIntent, + canceledIntent, + createCustomTabsIntentBuilder().build()); } /** @@ -180,20 +181,19 @@ public void performAuthorizationRequest( * of this request, the provided {@link PendingIntent completion PendingIntent} will be invoked. * If the user cancels the authorization request, the current activity will regain control. * - * @param customTabsIntent - * The intent that will be used to start the custom tab. It is recommended that this intent - * be created with the help of {@link #createCustomTabsIntentBuilder(Uri[])}, which will - * ensure that a warmed-up version of the browser will be used, minimizing latency. + * @param customTabsIntent The intent that will be used to start the custom tab. It is recommended that this intent + * be created with the help of {@link #createCustomTabsIntentBuilder(Uri[])}, which will + * ensure that a warmed-up version of the browser will be used, minimizing latency. */ public void performAuthorizationRequest( - @NonNull AuthorizationRequest request, - @NonNull PendingIntent completedIntent, - @NonNull CustomTabsIntent customTabsIntent) { + @NonNull AuthorizationRequest request, + @NonNull PendingIntent completedIntent, + @NonNull CustomTabsIntent customTabsIntent) { performAuthorizationRequest( - request, - completedIntent, - null, - customTabsIntent); + request, + completedIntent, + null, + customTabsIntent); } /** @@ -205,19 +205,17 @@ public void performAuthorizationRequest( * If the user cancels the authorization request, the provided * {@link PendingIntent cancel PendingIntent} will be invoked. * - * @param customTabsIntent - * The intent that will be used to start the custom tab. It is recommended that this intent - * be created with the help of {@link #createCustomTabsIntentBuilder(Uri[])}, which will - * ensure that a warmed-up version of the browser will be used, minimizing latency. - * + * @param customTabsIntent The intent that will be used to start the custom tab. It is recommended that this intent + * be created with the help of {@link #createCustomTabsIntentBuilder(Uri[])}, which will + * ensure that a warmed-up version of the browser will be used, minimizing latency. * @throws android.content.ActivityNotFoundException if no suitable browser is available to - * perform the authorization flow. + * perform the authorization flow. */ public void performAuthorizationRequest( - @NonNull AuthorizationRequest request, - @NonNull PendingIntent completedIntent, - @Nullable PendingIntent canceledIntent, - @NonNull CustomTabsIntent customTabsIntent) { + @NonNull AuthorizationRequest request, + @NonNull PendingIntent completedIntent, + @Nullable PendingIntent canceledIntent, + @NonNull CustomTabsIntent customTabsIntent) { checkNotDisposed(); if (mBrowser == null) { @@ -235,18 +233,18 @@ public void performAuthorizationRequest( intent.setData(requestUri); Logger.debug("Using %s as browser for auth, custom tab = %s", - intent.getPackage(), - mBrowser.useCustomTab.toString()); + intent.getPackage(), + mBrowser.useCustomTab.toString()); intent.putExtra(CustomTabsIntent.EXTRA_TITLE_VISIBILITY_STATE, CustomTabsIntent.NO_TITLE); Logger.debug("Initiating authorization request to %s", - request.configuration.authorizationEndpoint); + request.configuration.authorizationEndpoint); mContext.startActivity(AuthorizationManagementActivity.createStartIntent( - mContext, - request, - intent, - completedIntent, - canceledIntent)); + mContext, + request, + intent, + completedIntent, + canceledIntent)); } /** @@ -255,8 +253,8 @@ public void performAuthorizationRequest( * callback handler. */ public void performTokenRequest( - @NonNull TokenRequest request, - @NonNull TokenResponseCallback callback) { + @NonNull TokenRequest request, + @NonNull TokenResponseCallback callback) { performTokenRequest(request, NoClientAuthentication.INSTANCE, callback); } @@ -266,14 +264,14 @@ public void performTokenRequest( * callback handler. */ public void performTokenRequest( - @NonNull TokenRequest request, - @NonNull ClientAuthentication clientAuthentication, - @NonNull TokenResponseCallback callback) { + @NonNull TokenRequest request, + @NonNull ClientAuthentication clientAuthentication, + @NonNull TokenResponseCallback callback) { checkNotDisposed(); Logger.debug("Initiating code exchange request to %s", - request.configuration.tokenEndpoint); + request.configuration.tokenEndpoint); new TokenRequestTask(request, clientAuthentication, callback) - .execute(); + .execute(); } /** @@ -281,11 +279,11 @@ public void performTokenRequest( * The result of this request will be sent to the provided callback handler. */ public void performRegistrationRequest( - @NonNull RegistrationRequest request, - @NonNull RegistrationResponseCallback callback) { + @NonNull RegistrationRequest request, + @NonNull RegistrationResponseCallback callback) { checkNotDisposed(); Logger.debug("Initiating dynamic client registration %s", - request.configuration.registrationEndpoint.toString()); + request.configuration.registrationEndpoint.toString()); new RegistrationRequestTask(request, callback).execute(); } @@ -293,11 +291,11 @@ public void performRegistrationRequest( * Performs ID token validation. */ public void performTokenValidation( - @NonNull TokenResponse response, - @NonNull TokenValidationResponseCallback callback) { + @NonNull TokenResponse response, + @NonNull TokenValidationResponseCallback callback) { checkNotDisposed(); Logger.debug("Initiating token validation request to %s", - response.request.configuration.discoveryDoc.getJwksUri()); + response.request.configuration.discoveryDoc.getJwksUri()); new TokenValidationRequestTask(response, callback) .execute(); } @@ -322,7 +320,7 @@ private void checkNotDisposed() { } private class TokenRequestTask - extends AsyncTask { + extends AsyncTask { private TokenRequest mRequest; private TokenResponseCallback mCallback; private ClientAuthentication mClientAuthentication; @@ -341,24 +339,24 @@ protected JSONObject doInBackground(Void... voids) { InputStream is = null; try { HttpURLConnection conn = - mClientConfiguration.getConnectionBuilder() - .openConnection(mRequest.configuration.tokenEndpoint); + mClientConfiguration.getConnectionBuilder() + .openConnection(mRequest.configuration.tokenEndpoint); conn.setRequestMethod("POST"); conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded"); addJsonToAcceptHeader(conn); conn.setDoOutput(true); Map headers = mClientAuthentication - .getRequestHeaders(mRequest.clientId); + .getRequestHeaders(mRequest.clientId); if (headers != null) { - for (Map.Entry header : headers.entrySet()) { + for (Map.Entry header : headers.entrySet()) { conn.setRequestProperty(header.getKey(), header.getValue()); } } Map parameters = mRequest.getRequestParameters(); Map clientAuthParams = mClientAuthentication - .getRequestParameters(mRequest.clientId); + .getRequestParameters(mRequest.clientId); if (clientAuthParams != null) { parameters.putAll(clientAuthParams); } @@ -371,7 +369,7 @@ protected JSONObject doInBackground(Void... voids) { wr.flush(); if (conn.getResponseCode() >= HttpURLConnection.HTTP_OK - && conn.getResponseCode() < HttpURLConnection.HTTP_MULT_CHOICE) { + && conn.getResponseCode() < HttpURLConnection.HTTP_MULT_CHOICE) { is = conn.getInputStream(); } else { is = conn.getErrorStream(); @@ -381,11 +379,11 @@ protected JSONObject doInBackground(Void... voids) { } catch (IOException ex) { Logger.debugWithStack(ex, "Failed to complete exchange request"); mException = AuthorizationException.fromTemplate( - GeneralErrors.NETWORK_ERROR, ex); + GeneralErrors.NETWORK_ERROR, ex); } catch (JSONException ex) { Logger.debugWithStack(ex, "Failed to complete exchange request"); mException = AuthorizationException.fromTemplate( - GeneralErrors.JSON_DESERIALIZATION_ERROR, ex); + GeneralErrors.JSON_DESERIALIZATION_ERROR, ex); } finally { Utils.closeQuietly(is); } @@ -404,15 +402,15 @@ protected void onPostExecute(JSONObject json) { try { String error = json.getString(AuthorizationException.PARAM_ERROR); ex = AuthorizationException.fromOAuthTemplate( - TokenRequestErrors.byString(error), - error, - json.optString(AuthorizationException.PARAM_ERROR_DESCRIPTION, null), - UriUtil.parseUriIfAvailable( - json.optString(AuthorizationException.PARAM_ERROR_URI))); + TokenRequestErrors.byString(error), + error, + json.optString(AuthorizationException.PARAM_ERROR_DESCRIPTION, null), + UriUtil.parseUriIfAvailable( + json.optString(AuthorizationException.PARAM_ERROR_URI))); } catch (JSONException jsonEx) { ex = AuthorizationException.fromTemplate( - GeneralErrors.JSON_DESERIALIZATION_ERROR, - jsonEx); + GeneralErrors.JSON_DESERIALIZATION_ERROR, + jsonEx); } mCallback.onTokenRequestCompleted(null, ex); return; @@ -423,14 +421,14 @@ protected void onPostExecute(JSONObject json) { response = new TokenResponse.Builder(mRequest).fromResponseJson(json).build(); } catch (JSONException jsonEx) { mCallback.onTokenRequestCompleted(null, - AuthorizationException.fromTemplate( - GeneralErrors.JSON_DESERIALIZATION_ERROR, - jsonEx)); + AuthorizationException.fromTemplate( + GeneralErrors.JSON_DESERIALIZATION_ERROR, + jsonEx)); return; } Logger.debug("Token exchange with %s completed", - mRequest.configuration.tokenEndpoint); + mRequest.configuration.tokenEndpoint); mCallback.onTokenRequestCompleted(response, null); } @@ -454,23 +452,22 @@ private void addJsonToAcceptHeader(URLConnection conn) { public interface TokenResponseCallback { /** * Invoked when the request completes successfully or fails. - * + *

* Exactly one of `response` or `ex` will be non-null. If `response` is `null`, a failure * occurred during the request. This can happen if a bad URI was provided, no connection * to the server could be established, or the response JSON was incomplete or incorrectly * formatted. * * @param response the retrieved token response, if successful; `null` otherwise. - * @param ex a description of the failure, if one occurred: `null` otherwise. - * + * @param ex a description of the failure, if one occurred: `null` otherwise. * @see AuthorizationException.TokenRequestErrors */ void onTokenRequestCompleted(@Nullable TokenResponse response, - @Nullable AuthorizationException ex); + @Nullable AuthorizationException ex); } private class RegistrationRequestTask - extends AsyncTask { + extends AsyncTask { private RegistrationRequest mRequest; private RegistrationResponseCallback mCallback; @@ -488,8 +485,8 @@ protected JSONObject doInBackground(Void... voids) { String postData = mRequest.toJsonString(); try { HttpURLConnection conn = - mClientConfiguration.getConnectionBuilder() - .openConnection(mRequest.configuration.registrationEndpoint); + mClientConfiguration.getConnectionBuilder() + .openConnection(mRequest.configuration.registrationEndpoint); conn.setRequestMethod("POST"); conn.setRequestProperty("Content-Type", "application/json"); conn.setDoOutput(true); @@ -504,11 +501,11 @@ protected JSONObject doInBackground(Void... voids) { } catch (IOException ex) { Logger.debugWithStack(ex, "Failed to complete registration request"); mException = AuthorizationException.fromTemplate( - GeneralErrors.NETWORK_ERROR, ex); + GeneralErrors.NETWORK_ERROR, ex); } catch (JSONException ex) { Logger.debugWithStack(ex, "Failed to complete registration request"); mException = AuthorizationException.fromTemplate( - GeneralErrors.JSON_DESERIALIZATION_ERROR, ex); + GeneralErrors.JSON_DESERIALIZATION_ERROR, ex); } finally { Utils.closeQuietly(is); } @@ -527,15 +524,15 @@ protected void onPostExecute(JSONObject json) { try { String error = json.getString(AuthorizationException.PARAM_ERROR); ex = AuthorizationException.fromOAuthTemplate( - RegistrationRequestErrors.byString(error), - error, - json.getString(AuthorizationException.PARAM_ERROR_DESCRIPTION), - UriUtil.parseUriIfAvailable( - json.getString(AuthorizationException.PARAM_ERROR_URI))); + RegistrationRequestErrors.byString(error), + error, + json.getString(AuthorizationException.PARAM_ERROR_DESCRIPTION), + UriUtil.parseUriIfAvailable( + json.getString(AuthorizationException.PARAM_ERROR_URI))); } catch (JSONException jsonEx) { ex = AuthorizationException.fromTemplate( - GeneralErrors.JSON_DESERIALIZATION_ERROR, - jsonEx); + GeneralErrors.JSON_DESERIALIZATION_ERROR, + jsonEx); } mCallback.onRegistrationRequestCompleted(null, ex); return; @@ -544,22 +541,22 @@ protected void onPostExecute(JSONObject json) { RegistrationResponse response; try { response = new RegistrationResponse.Builder(mRequest) - .fromResponseJson(json).build(); + .fromResponseJson(json).build(); } catch (JSONException jsonEx) { mCallback.onRegistrationRequestCompleted(null, - AuthorizationException.fromTemplate( - GeneralErrors.JSON_DESERIALIZATION_ERROR, - jsonEx)); + AuthorizationException.fromTemplate( + GeneralErrors.JSON_DESERIALIZATION_ERROR, + jsonEx)); return; } catch (RegistrationResponse.MissingArgumentException ex) { Logger.errorWithStack(ex, "Malformed registration response"); mException = AuthorizationException.fromTemplate( - GeneralErrors.INVALID_REGISTRATION_RESPONSE, - ex); + GeneralErrors.INVALID_REGISTRATION_RESPONSE, + ex); return; } Logger.debug("Dynamic registration with %s completed", - mRequest.configuration.registrationEndpoint); + mRequest.configuration.registrationEndpoint); mCallback.onRegistrationRequestCompleted(response, null); } } @@ -572,14 +569,14 @@ protected void onPostExecute(JSONObject json) { public interface RegistrationResponseCallback { /** * Invoked when the request completes successfully or fails. - * + *

* Exactly one of `response` or `ex` will be non-null. If `response` is `null`, a failure * occurred during the request. This can happen if an invalid URI was provided, no * connection to the server could be established, or the response JSON was incomplete or * incorrectly formatted. * * @param response the retrieved registration response, if successful; `null` otherwise. - * @param ex a description of the failure, if one occurred: `null` otherwise. + * @param ex a description of the failure, if one occurred: `null` otherwise. * @see AuthorizationException.RegistrationRequestErrors */ void onRegistrationRequestCompleted(@Nullable RegistrationResponse response, @@ -587,7 +584,7 @@ void onRegistrationRequestCompleted(@Nullable RegistrationResponse response, } private class TokenValidationRequestTask - extends AsyncTask { + extends AsyncTask { private TokenResponse mResponse; private TokenValidationResponseCallback mCallback; @@ -605,13 +602,11 @@ protected JSONObject doInBackground(Void... voids) { try { Uri uri = (mResponse.request.configuration.discoveryDoc.getJwksUri()); HttpURLConnection conn = - mClientConfiguration.getConnectionBuilder() + mClientConfiguration.getConnectionBuilder() .openConnection(uri); conn.setRequestMethod("GET"); - //conn.setDoOutput(true); is = new BufferedInputStream(conn.getInputStream()); - // readStream(in); String response = Utils.readInputStream(is); return new JSONObject(response); } catch (IOException ex) { @@ -635,44 +630,47 @@ protected void onPostExecute(JSONObject json) { try { String[] split = mResponse.idToken.split("\\."); - String decodeTokenHeader = Utils.decodeBase64url(split[0]); - String decodeTokenBody = Utils.decodeBase64url(split[1]); + //there will be always 3 sections in idToken + if (split.length == 3) { + String decodeTokenHeader = Utils.decodeBase64url(split[0]); + String decodeTokenBody = Utils.decodeBase64url(split[1]); - JSONObject jsonObjectHeader = new JSONObject(decodeTokenHeader); - JSONObject jsonObjectBody = new JSONObject(decodeTokenBody); + JSONObject jsonObjectHeader = new JSONObject(decodeTokenHeader); + JSONObject jsonObjectBody = new JSONObject(decodeTokenBody); - JSONArray jsonArray = json.getJSONArray("keys"); + JSONArray jsonArray = json.getJSONArray("keys"); - for (int i = 0; i < jsonArray.length(); i++) { - if (jsonArray.getJSONObject(i).optString("alg") + for (int i = 0; i < jsonArray.length(); i++) { + if (jsonArray.getJSONObject(i).optString("alg") .contains(jsonObjectHeader.getString("alg"))) { - requiredJson = jsonArray.getJSONObject(i); - break; + requiredJson = jsonArray.getJSONObject(i); + break; + } } - } - Logger.debug("Token validation with %s completed", + Logger.debug("Token validation with %s completed", this.mResponse.request.configuration .discoveryDoc.getJwksUri()); - if (mException != null + if (mException != null || requiredJson == null || !json.optString("error", "").equals("") || !jsonObjectHeader.getString("kid").equals(requiredJson.getString("kid")) || !jsonObjectBody.getString("aud").equals(mResponse.request.clientId)) { - mCallback.onTokenValidationRequestCompleted(false, mException); - return; - } + mCallback.onTokenValidationRequestCompleted(false, mException); + return; + } - Calendar calendar = Calendar.getInstance(); - calendar.setTimeInMillis(Long.parseLong(jsonObjectBody.getString("exp")) - * Long.parseLong("1000")); - calendar.getTimeInMillis(); + long expirationTime = Long.parseLong(jsonObjectBody.getString("exp")) * 1000L; - if (calendar.getTimeInMillis() > System.currentTimeMillis()) { - mCallback.onTokenValidationRequestCompleted(true, null); + if (expirationTime > System.currentTimeMillis()) { + mCallback.onTokenValidationRequestCompleted(true, null); + } else { + mCallback.onTokenValidationRequestCompleted(false, mException); + } } else { mCallback.onTokenValidationRequestCompleted(false, mException); + } } catch (UnsupportedEncodingException | JSONException e) { mCallback.onTokenValidationRequestCompleted(false, mException); @@ -682,19 +680,20 @@ protected void onPostExecute(JSONObject json) { /** * Callback interface for token validation endpoint. + * * @see AuthorizationService#performTokenValidation */ public interface TokenValidationResponseCallback { /** * Invoked when the request completes successfully. - * + *

* Exactly one of `isTokenValid` or `ex` will be non-null. If `isTokenValid` is `null`, * a failure occurred during the request. This can happen if a bad URI was provided, * no connection to the server could be established, or the JSON was incomplete or * incorrectly formatted. * * @param isTokenValid the boolean value which represents if a token is valid or not. - * @param ex a description of the failure, if one occurred: `null` otherwise. + * @param ex a description of the failure, if one occurred: `null` otherwise. * @see AuthorizationException.TokenRequestErrors */ void onTokenValidationRequestCompleted(boolean isTokenValid, From 5e24e7689977ee4027d5adfbfc05fa99f98068a3 Mon Sep 17 00:00:00 2001 From: arvindsinghtomar Date: Mon, 18 Sep 2017 15:16:33 +0530 Subject: [PATCH 8/9] Merge branch 'master' of https://github.com/openid/AppAuth-Android # Conflicts: # library/java/net/openid/appauth/AuthorizationService.java --- build.gradle | 2 +- library/build.gradle | 2 +- .../openid/appauth/AuthorizationService.java | 522 ++++++++++++------ 3 files changed, 347 insertions(+), 179 deletions(-) diff --git a/build.gradle b/build.gradle index 2676de87..4360c064 100644 --- a/build.gradle +++ b/build.gradle @@ -6,7 +6,7 @@ buildscript { google() } dependencies { - classpath 'com.android.tools.build:gradle:3.0.0-beta2' + classpath 'com.android.tools.build:gradle:3.0.0-beta6' classpath 'com.github.dcendents:android-maven-gradle-plugin:1.5' classpath 'com.jfrog.bintray.gradle:gradle-bintray-plugin:1.7.3' classpath 'org.ajoberstar:gradle-git:1.7.1' diff --git a/library/build.gradle b/library/build.gradle index 5f366a64..3b017594 100644 --- a/library/build.gradle +++ b/library/build.gradle @@ -13,7 +13,7 @@ android.defaultConfig.project.archivesBaseName = 'appauth' // libraries or apps. android.buildTypes.debug.manifestPlaceholders = [ 'appAuthRedirectScheme': 'net.openid.appauth.test' -]; +] dependencies { api "com.android.support:customtabs:${rootProject.supportLibVersion}" diff --git a/library/java/net/openid/appauth/AuthorizationService.java b/library/java/net/openid/appauth/AuthorizationService.java index f8d5d9c7..6d441807 100644 --- a/library/java/net/openid/appauth/AuthorizationService.java +++ b/library/java/net/openid/appauth/AuthorizationService.java @@ -14,8 +14,6 @@ package net.openid.appauth; -import static net.openid.appauth.Preconditions.checkNotNull; - import android.app.PendingIntent; import android.content.ActivityNotFoundException; import android.content.Context; @@ -31,7 +29,6 @@ import net.openid.appauth.AuthorizationException.GeneralErrors; import net.openid.appauth.AuthorizationException.RegistrationRequestErrors; import net.openid.appauth.AuthorizationException.TokenRequestErrors; - import net.openid.appauth.browser.BrowserDescriptor; import net.openid.appauth.browser.BrowserSelector; import net.openid.appauth.browser.CustomTabManager; @@ -39,12 +36,15 @@ import net.openid.appauth.internal.Logger; import net.openid.appauth.internal.UriUtil; +import org.json.JSONArray; import org.json.JSONException; import org.json.JSONObject; +import java.io.BufferedInputStream; import java.io.IOException; import java.io.InputStream; import java.io.OutputStreamWriter; +import java.io.UnsupportedEncodingException; import java.net.HttpURLConnection; import java.net.URLConnection; import java.util.Map; @@ -57,6 +57,8 @@ */ public class AuthorizationService { + private static final int MAX_SECTION_ID_TOKEN = 3; + private static final long M_SECS = 1000L; @VisibleForTesting Context mContext; @@ -78,7 +80,8 @@ public class AuthorizationService { * leaks (see {@link #dispose()}. */ public AuthorizationService(@NonNull Context context) { - this(context, AppAuthConfiguration.DEFAULT); + this(context, + AppAuthConfiguration.DEFAULT); } /** @@ -86,15 +89,14 @@ public AuthorizationService(@NonNull Context context) { * instances of this class must be manually disposed when no longer required, to avoid * leaks (see {@link #dispose()}. */ - public AuthorizationService( - @NonNull Context context, - @NonNull AppAuthConfiguration clientConfiguration) { + public AuthorizationService(@NonNull Context context, + @NonNull AppAuthConfiguration clientConfiguration) { this(context, - clientConfiguration, - BrowserSelector.select( - context, - clientConfiguration.getBrowserMatcher()), - new CustomTabManager(context)); + clientConfiguration, + BrowserSelector.select( + context, + clientConfiguration.getBrowserMatcher()), + new CustomTabManager(context)); } /** @@ -105,7 +107,7 @@ public AuthorizationService( @NonNull AppAuthConfiguration clientConfiguration, @Nullable BrowserDescriptor browser, @NonNull CustomTabManager customTabManager) { - mContext = checkNotNull(context); + mContext = net.openid.appauth.Preconditions.checkNotNull(context); mClientConfiguration = clientConfiguration; mCustomTabManager = customTabManager; mBrowser = browser; @@ -137,14 +139,12 @@ public CustomTabsIntent.Builder createCustomTabsIntentBuilder(Uri... possibleUri * of this request, the provided {@link PendingIntent completion PendingIntent} will be invoked. * If the user cancels the authorization request, the current activity will regain control. */ - public void performAuthorizationRequest( - @NonNull AuthorizationRequest request, - @NonNull PendingIntent completedIntent) { - performAuthorizationRequest( - request, - completedIntent, - null, - createCustomTabsIntentBuilder().build()); + public void performAuthorizationRequest(@NonNull AuthorizationRequest request, + @NonNull PendingIntent completedIntent) { + performAuthorizationRequest(request, + completedIntent, + null, + createCustomTabsIntentBuilder().build()); } /** @@ -158,14 +158,13 @@ public void performAuthorizationRequest( * {@link PendingIntent cancel PendingIntent} will be invoked. */ public void performAuthorizationRequest( - @NonNull AuthorizationRequest request, - @NonNull PendingIntent completedIntent, - @NonNull PendingIntent canceledIntent) { - performAuthorizationRequest( - request, - completedIntent, - canceledIntent, - createCustomTabsIntentBuilder().build()); + @NonNull AuthorizationRequest request, + @NonNull PendingIntent completedIntent, + @NonNull PendingIntent canceledIntent) { + performAuthorizationRequest(request, + completedIntent, + canceledIntent, + createCustomTabsIntentBuilder().build()); } /** @@ -176,20 +175,21 @@ public void performAuthorizationRequest( * of this request, the provided {@link PendingIntent completion PendingIntent} will be invoked. * If the user cancels the authorization request, the current activity will regain control. * - * @param customTabsIntent - * The intent that will be used to start the custom tab. It is recommended that this intent - * be created with the help of {@link #createCustomTabsIntentBuilder(Uri[])}, which will - * ensure that a warmed-up version of the browser will be used, minimizing latency. + * @param customTabsIntent The intent that will be used to start the custom tab. It is + * recommended that this intent + * be created with the help of + * {@link #createCustomTabsIntentBuilder(Uri[])}, which will + * ensure that a warmed-up version of the browser will be used, + * minimizing latency. */ public void performAuthorizationRequest( - @NonNull AuthorizationRequest request, - @NonNull PendingIntent completedIntent, - @NonNull CustomTabsIntent customTabsIntent) { - performAuthorizationRequest( - request, - completedIntent, - null, - customTabsIntent); + @NonNull AuthorizationRequest request, + @NonNull PendingIntent completedIntent, + @NonNull CustomTabsIntent customTabsIntent) { + performAuthorizationRequest(request, + completedIntent, + null, + customTabsIntent); } /** @@ -201,31 +201,31 @@ public void performAuthorizationRequest( * If the user cancels the authorization request, the provided * {@link PendingIntent cancel PendingIntent} will be invoked. * - * @param customTabsIntent - * The intent that will be used to start the custom tab. It is recommended that this intent - * be created with the help of {@link #createCustomTabsIntentBuilder(Uri[])}, which will - * ensure that a warmed-up version of the browser will be used, minimizing latency. - * + * @param customTabsIntent The intent that will be used to start the custom tab. It is + * recommended that this intent + * be created with the help of + * {@link #createCustomTabsIntentBuilder(Uri[])}, which will + * ensure that a warmed-up version of the browser will be used, + * minimizing latency. * @throws android.content.ActivityNotFoundException if no suitable browser is available to - * perform the authorization flow. + * perform the authorization flow. */ - public void performAuthorizationRequest( - @NonNull AuthorizationRequest request, - @NonNull PendingIntent completedIntent, - @Nullable PendingIntent canceledIntent, - @NonNull CustomTabsIntent customTabsIntent) { + public void performAuthorizationRequest(@NonNull AuthorizationRequest request, + @NonNull PendingIntent completedIntent, + @Nullable PendingIntent canceledIntent, + @NonNull CustomTabsIntent customTabsIntent) { checkNotDisposed(); - checkNotNull(request); - checkNotNull(completedIntent); - checkNotNull(customTabsIntent); - - Intent authIntent = prepareAuthorizationRequestIntent(request, customTabsIntent); - mContext.startActivity(AuthorizationManagementActivity.createStartIntent( - mContext, - request, - authIntent, - completedIntent, - canceledIntent)); + net.openid.appauth.Preconditions.checkNotNull(request); + net.openid.appauth.Preconditions.checkNotNull(completedIntent); + net.openid.appauth.Preconditions.checkNotNull(customTabsIntent); + + Intent authIntent = prepareAuthorizationRequestIntent(request, + customTabsIntent); + mContext.startActivity(AuthorizationManagementActivity.createStartIntent(mContext, + request, + authIntent, + completedIntent, + canceledIntent)); } /** @@ -241,23 +241,24 @@ public void performAuthorizationRequest( * {@link Activity#RESULT_OK} indicates the authorization request completed, * not necessarily that it was a successful authorization. * - * @param customTabsIntent - * The intent that will be used to start the custom tab. It is recommended that this intent - * be created with the help of {@link #createCustomTabsIntentBuilder(Uri[])}, which will - * ensure that a warmed-up version of the browser will be used, minimizing latency. - * + * @param customTabsIntent The intent that will be used to start the custom tab. It is + * recommended that this intent + * be created with the help of {@link #createCustomTabsIntentBuilder + * (Uri[])}, which will + * ensure that a warmed-up version of the browser will be used, + * minimizing latency. * @throws android.content.ActivityNotFoundException if no suitable browser is available to - * perform the authorization flow. + * perform the authorization flow. */ - public Intent getAuthorizationRequestIntent( - @NonNull AuthorizationRequest request, - @NonNull CustomTabsIntent customTabsIntent) { + public Intent getAuthorizationRequestIntent(@NonNull AuthorizationRequest request, + @NonNull CustomTabsIntent customTabsIntent) { - Intent authIntent = prepareAuthorizationRequestIntent(request, customTabsIntent); + Intent authIntent = prepareAuthorizationRequestIntent(request, + customTabsIntent); return AuthorizationManagementActivity.createStartForResultIntent( - mContext, - request, - authIntent); + mContext, + request, + authIntent); } /** @@ -277,11 +278,11 @@ public Intent getAuthorizationRequestIntent( * not necessarily that it was a successful authorization. * * @throws android.content.ActivityNotFoundException if no suitable browser is available to - * perform the authorization flow. + * perform the authorization flow. */ - public Intent getAuthorizationRequestIntent( - @NonNull AuthorizationRequest request) { - return getAuthorizationRequestIntent(request, createCustomTabsIntentBuilder().build()); + public Intent getAuthorizationRequestIntent(@NonNull AuthorizationRequest request) { + return getAuthorizationRequestIntent(request, + createCustomTabsIntentBuilder().build()); } /** @@ -289,10 +290,11 @@ public Intent getAuthorizationRequestIntent( * authorization request for a token. The result of this request will be sent to the provided * callback handler. */ - public void performTokenRequest( - @NonNull TokenRequest request, - @NonNull TokenResponseCallback callback) { - performTokenRequest(request, NoClientAuthentication.INSTANCE, callback); + public void performTokenRequest(@NonNull TokenRequest request, + @NonNull TokenResponseCallback callback) { + performTokenRequest(request, + NoClientAuthentication.INSTANCE, + callback); } /** @@ -300,19 +302,17 @@ public void performTokenRequest( * authorization request for a token. The result of this request will be sent to the provided * callback handler. */ - public void performTokenRequest( - @NonNull TokenRequest request, - @NonNull ClientAuthentication clientAuthentication, - @NonNull TokenResponseCallback callback) { + public void performTokenRequest(@NonNull TokenRequest request, + @NonNull ClientAuthentication clientAuthentication, + @NonNull TokenResponseCallback callback) { checkNotDisposed(); Logger.debug("Initiating code exchange request to %s", - request.configuration.tokenEndpoint); - new TokenRequestTask( - request, - clientAuthentication, - mClientConfiguration.getConnectionBuilder(), - callback) - .execute(); + request.configuration.tokenEndpoint); + new TokenRequestTask(request, + clientAuthentication, + mClientConfiguration.getConnectionBuilder(), + callback) + .execute(); } /** @@ -320,16 +320,27 @@ public void performTokenRequest( * The result of this request will be sent to the provided callback handler. */ public void performRegistrationRequest( - @NonNull RegistrationRequest request, - @NonNull RegistrationResponseCallback callback) { + @NonNull RegistrationRequest request, + @NonNull RegistrationResponseCallback callback) { checkNotDisposed(); Logger.debug("Initiating dynamic client registration %s", - request.configuration.registrationEndpoint.toString()); - new RegistrationRequestTask( - request, - mClientConfiguration.getConnectionBuilder(), - callback) - .execute(); + request.configuration.registrationEndpoint.toString()); + new RegistrationRequestTask(request, + mClientConfiguration.getConnectionBuilder(), + callback).execute(); + } + + /** + * Performs ID token validation. + */ + public void performTokenValidation(@NonNull TokenResponse response, + @NonNull TokenValidationResponseCallback callback) { + checkNotDisposed(); + Logger.debug("Initiating token validation request to %s", + response.request.configuration.discoveryDoc.getJwksUri()); + new TokenValidationRequestTask(response, + mClientConfiguration.getConnectionBuilder(), + callback).execute(); } /** @@ -351,9 +362,8 @@ private void checkNotDisposed() { } } - private Intent prepareAuthorizationRequestIntent( - AuthorizationRequest request, - CustomTabsIntent customTabsIntent) { + private Intent prepareAuthorizationRequestIntent(AuthorizationRequest request, + CustomTabsIntent customTabsIntent) { checkNotDisposed(); if (mBrowser == null) { @@ -371,18 +381,18 @@ private Intent prepareAuthorizationRequestIntent( intent.setData(requestUri); Logger.debug("Using %s as browser for auth, custom tab = %s", - intent.getPackage(), - mBrowser.useCustomTab.toString()); - intent.putExtra(CustomTabsIntent.EXTRA_TITLE_VISIBILITY_STATE, CustomTabsIntent.NO_TITLE); + intent.getPackage(), + mBrowser.useCustomTab.toString()); + intent.putExtra(CustomTabsIntent.EXTRA_TITLE_VISIBILITY_STATE, + CustomTabsIntent.NO_TITLE); Logger.debug("Initiating authorization request to %s", - request.configuration.authorizationEndpoint); + request.configuration.authorizationEndpoint); return intent; } - private static class TokenRequestTask - extends AsyncTask { + private static class TokenRequestTask extends AsyncTask { private TokenRequest mRequest; private ClientAuthentication mClientAuthentication; private final ConnectionBuilder mConnectionBuilder; @@ -404,30 +414,33 @@ private static class TokenRequestTask protected JSONObject doInBackground(Void... voids) { InputStream is = null; try { - HttpURLConnection conn = mConnectionBuilder.openConnection( - mRequest.configuration.tokenEndpoint); + HttpURLConnection conn = mConnectionBuilder + .openConnection(mRequest.configuration.tokenEndpoint); conn.setRequestMethod("POST"); - conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded"); + conn.setRequestProperty("Content-Type", + "application/x-www-form-urlencoded"); addJsonToAcceptHeader(conn); conn.setDoOutput(true); Map headers = mClientAuthentication - .getRequestHeaders(mRequest.clientId); + .getRequestHeaders(mRequest.clientId); if (headers != null) { - for (Map.Entry header : headers.entrySet()) { - conn.setRequestProperty(header.getKey(), header.getValue()); + for (Map.Entry header : headers.entrySet()) { + conn.setRequestProperty(header.getKey(), + header.getValue()); } } Map parameters = mRequest.getRequestParameters(); Map clientAuthParams = mClientAuthentication - .getRequestParameters(mRequest.clientId); + .getRequestParameters(mRequest.clientId); if (clientAuthParams != null) { parameters.putAll(clientAuthParams); } String queryData = UriUtil.formUrlEncode(parameters); - conn.setRequestProperty("Content-Length", String.valueOf(queryData.length())); + conn.setRequestProperty("Content-Length", + String.valueOf(queryData.length())); OutputStreamWriter wr = new OutputStreamWriter(conn.getOutputStream()); wr.write(queryData); @@ -442,13 +455,17 @@ protected JSONObject doInBackground(Void... voids) { String response = Utils.readInputStream(is); return new JSONObject(response); } catch (IOException ex) { - Logger.debugWithStack(ex, "Failed to complete exchange request"); + Logger.debugWithStack(ex, + "Failed to complete exchange request"); mException = AuthorizationException.fromTemplate( - GeneralErrors.NETWORK_ERROR, ex); + GeneralErrors.NETWORK_ERROR, + ex); } catch (JSONException ex) { - Logger.debugWithStack(ex, "Failed to complete exchange request"); + Logger.debugWithStack(ex, + "Failed to complete exchange request"); mException = AuthorizationException.fromTemplate( - GeneralErrors.JSON_DESERIALIZATION_ERROR, ex); + GeneralErrors.JSON_DESERIALIZATION_ERROR, + ex); } finally { Utils.closeQuietly(is); } @@ -458,7 +475,8 @@ protected JSONObject doInBackground(Void... voids) { @Override protected void onPostExecute(JSONObject json) { if (mException != null) { - mCallback.onTokenRequestCompleted(null, mException); + mCallback.onTokenRequestCompleted(null, + mException); return; } @@ -467,34 +485,38 @@ protected void onPostExecute(JSONObject json) { try { String error = json.getString(AuthorizationException.PARAM_ERROR); ex = AuthorizationException.fromOAuthTemplate( - TokenRequestErrors.byString(error), - error, - json.optString(AuthorizationException.PARAM_ERROR_DESCRIPTION, null), - UriUtil.parseUriIfAvailable( - json.optString(AuthorizationException.PARAM_ERROR_URI))); + TokenRequestErrors.byString(error), + error, + json.optString(AuthorizationException.PARAM_ERROR_DESCRIPTION, + null), + UriUtil.parseUriIfAvailable( + json.optString(AuthorizationException.PARAM_ERROR_URI))); } catch (JSONException jsonEx) { ex = AuthorizationException.fromTemplate( - GeneralErrors.JSON_DESERIALIZATION_ERROR, - jsonEx); + GeneralErrors.JSON_DESERIALIZATION_ERROR, + jsonEx); } - mCallback.onTokenRequestCompleted(null, ex); + mCallback.onTokenRequestCompleted(null, + ex); return; } TokenResponse response; try { - response = new TokenResponse.Builder(mRequest).fromResponseJson(json).build(); + response = new TokenResponse.Builder(mRequest).fromResponseJson(json) + .build(); } catch (JSONException jsonEx) { mCallback.onTokenRequestCompleted(null, - AuthorizationException.fromTemplate( - GeneralErrors.JSON_DESERIALIZATION_ERROR, - jsonEx)); + AuthorizationException.fromTemplate( + GeneralErrors.JSON_DESERIALIZATION_ERROR, + jsonEx)); return; } Logger.debug("Token exchange with %s completed", - mRequest.configuration.tokenEndpoint); - mCallback.onTokenRequestCompleted(response, null); + mRequest.configuration.tokenEndpoint); + mCallback.onTokenRequestCompleted(response, + null); } /** @@ -505,35 +527,35 @@ protected void onPostExecute(JSONObject json) { */ private void addJsonToAcceptHeader(URLConnection conn) { if (TextUtils.isEmpty(conn.getRequestProperty("Accept"))) { - conn.setRequestProperty("Accept", "application/json"); + conn.setRequestProperty("Accept", + "application/json"); } } } /** * Callback interface for token endpoint requests. + * * @see AuthorizationService#performTokenRequest */ public interface TokenResponseCallback { /** * Invoked when the request completes successfully or fails. - * + *

* Exactly one of `response` or `ex` will be non-null. If `response` is `null`, a failure * occurred during the request. This can happen if a bad URI was provided, no connection * to the server could be established, or the response JSON was incomplete or incorrectly * formatted. * * @param response the retrieved token response, if successful; `null` otherwise. - * @param ex a description of the failure, if one occurred: `null` otherwise. - * + * @param ex a description of the failure, if one occurred: `null` otherwise. * @see AuthorizationException.TokenRequestErrors */ void onTokenRequestCompleted(@Nullable TokenResponse response, - @Nullable AuthorizationException ex); + @Nullable AuthorizationException ex); } - private static class RegistrationRequestTask - extends AsyncTask { + private static class RegistrationRequestTask extends AsyncTask { private RegistrationRequest mRequest; private final ConnectionBuilder mConnectionBuilder; private RegistrationResponseCallback mCallback; @@ -541,8 +563,8 @@ private static class RegistrationRequestTask private AuthorizationException mException; RegistrationRequestTask(RegistrationRequest request, - ConnectionBuilder connectionBuilder, - RegistrationResponseCallback callback) { + ConnectionBuilder connectionBuilder, + RegistrationResponseCallback callback) { mRequest = request; mConnectionBuilder = connectionBuilder; mCallback = callback; @@ -553,27 +575,34 @@ protected JSONObject doInBackground(Void... voids) { InputStream is = null; String postData = mRequest.toJsonString(); try { - HttpURLConnection conn = mConnectionBuilder.openConnection( - mRequest.configuration.registrationEndpoint); + HttpURLConnection conn = mConnectionBuilder + .openConnection(mRequest + .configuration + .registrationEndpoint); conn.setRequestMethod("POST"); - conn.setRequestProperty("Content-Type", "application/json"); + conn.setRequestProperty("Content-Type", + "application/json"); conn.setDoOutput(true); - conn.setRequestProperty("Content-Length", String.valueOf(postData.length())); + conn.setRequestProperty("Content-Length", + String.valueOf(postData.length())); OutputStreamWriter wr = new OutputStreamWriter(conn.getOutputStream()); wr.write(postData); wr.flush(); - is = conn.getInputStream(); String response = Utils.readInputStream(is); return new JSONObject(response); } catch (IOException ex) { - Logger.debugWithStack(ex, "Failed to complete registration request"); + Logger.debugWithStack(ex, + "Failed to complete registration request"); mException = AuthorizationException.fromTemplate( - GeneralErrors.NETWORK_ERROR, ex); + GeneralErrors.NETWORK_ERROR, + ex); } catch (JSONException ex) { - Logger.debugWithStack(ex, "Failed to complete registration request"); + Logger.debugWithStack(ex, + "Failed to complete registration request"); mException = AuthorizationException.fromTemplate( - GeneralErrors.JSON_DESERIALIZATION_ERROR, ex); + GeneralErrors.JSON_DESERIALIZATION_ERROR, + ex); } finally { Utils.closeQuietly(is); } @@ -583,7 +612,8 @@ protected JSONObject doInBackground(Void... voids) { @Override protected void onPostExecute(JSONObject json) { if (mException != null) { - mCallback.onRegistrationRequestCompleted(null, mException); + mCallback.onRegistrationRequestCompleted(null, + mException); return; } @@ -592,40 +622,45 @@ protected void onPostExecute(JSONObject json) { try { String error = json.getString(AuthorizationException.PARAM_ERROR); ex = AuthorizationException.fromOAuthTemplate( - RegistrationRequestErrors.byString(error), - error, - json.getString(AuthorizationException.PARAM_ERROR_DESCRIPTION), - UriUtil.parseUriIfAvailable( - json.getString(AuthorizationException.PARAM_ERROR_URI))); + RegistrationRequestErrors.byString(error), + error, + json.getString(AuthorizationException.PARAM_ERROR_DESCRIPTION), + UriUtil.parseUriIfAvailable( + json.getString(AuthorizationException.PARAM_ERROR_URI))); } catch (JSONException jsonEx) { ex = AuthorizationException.fromTemplate( - GeneralErrors.JSON_DESERIALIZATION_ERROR, - jsonEx); + GeneralErrors.JSON_DESERIALIZATION_ERROR, + jsonEx); } - mCallback.onRegistrationRequestCompleted(null, ex); + mCallback.onRegistrationRequestCompleted(null, + ex); return; } RegistrationResponse response; try { response = new RegistrationResponse.Builder(mRequest) - .fromResponseJson(json).build(); + .fromResponseJson(json) + .build(); } catch (JSONException jsonEx) { mCallback.onRegistrationRequestCompleted(null, - AuthorizationException.fromTemplate( - GeneralErrors.JSON_DESERIALIZATION_ERROR, - jsonEx)); + AuthorizationException.fromTemplate( + GeneralErrors + .JSON_DESERIALIZATION_ERROR, + jsonEx)); return; } catch (RegistrationResponse.MissingArgumentException ex) { - Logger.errorWithStack(ex, "Malformed registration response"); + Logger.errorWithStack(ex, + "Malformed registration response"); mException = AuthorizationException.fromTemplate( - GeneralErrors.INVALID_REGISTRATION_RESPONSE, - ex); + GeneralErrors.INVALID_REGISTRATION_RESPONSE, + ex); return; } Logger.debug("Dynamic registration with %s completed", - mRequest.configuration.registrationEndpoint); - mCallback.onRegistrationRequestCompleted(response, null); + mRequest.configuration.registrationEndpoint); + mCallback.onRegistrationRequestCompleted(response, + null); } } @@ -637,17 +672,150 @@ protected void onPostExecute(JSONObject json) { public interface RegistrationResponseCallback { /** * Invoked when the request completes successfully or fails. - * + *

* Exactly one of `response` or `ex` will be non-null. If `response` is `null`, a failure * occurred during the request. This can happen if an invalid URI was provided, no * connection to the server could be established, or the response JSON was incomplete or * incorrectly formatted. * * @param response the retrieved registration response, if successful; `null` otherwise. - * @param ex a description of the failure, if one occurred: `null` otherwise. + * @param ex a description of the failure, if one occurred: `null` otherwise. * @see AuthorizationException.RegistrationRequestErrors */ void onRegistrationRequestCompleted(@Nullable RegistrationResponse response, @Nullable AuthorizationException ex); } + + private static class TokenValidationRequestTask extends AsyncTask { + private TokenResponse mResponse; + private TokenValidationResponseCallback mCallback; + private ConnectionBuilder mConnectionBuilder; + private AuthorizationException mException; + + TokenValidationRequestTask(TokenResponse request, + ConnectionBuilder connectionBuilder, + TokenValidationResponseCallback callback + ) { + mResponse = request; + mConnectionBuilder = connectionBuilder; + + mCallback = callback; + } + + @Override + protected JSONObject doInBackground(Void... voids) { + InputStream is = null; + try { + Uri uri = (mResponse.request.configuration.discoveryDoc.getJwksUri()); + HttpURLConnection conn = mConnectionBuilder + .openConnection(uri); + conn.setRequestMethod("GET"); + is = new BufferedInputStream(conn.getInputStream()); + String response = Utils.readInputStream(is); + return new JSONObject(response); + } catch (IOException ex) { + Logger.debugWithStack(ex, + "Failed to complete token validation request"); + mException = AuthorizationException.fromTemplate( + GeneralErrors.NETWORK_ERROR, + ex); + } catch (JSONException ex) { + Logger.debugWithStack(ex, + "Failed to complete token validation request"); + mException = AuthorizationException.fromTemplate( + GeneralErrors.JSON_DESERIALIZATION_ERROR, + ex); + } finally { + Utils.closeQuietly(is); + } + return null; + } + + @Override + protected void onPostExecute(JSONObject json) { + JSONObject requiredJson = null; + + try { + String[] split = mResponse.idToken.split("\\."); + + //there will be always 3 sections in idToken + if (split.length == MAX_SECTION_ID_TOKEN) { + String decodeTokenHeader = Utils.decodeBase64url(split[0]); + String decodeTokenBody = Utils.decodeBase64url(split[1]); + + JSONObject jsonObjectHeader = new JSONObject(decodeTokenHeader); + JSONObject jsonObjectBody = new JSONObject(decodeTokenBody); + + JSONArray jsonArray = json.getJSONArray("keys"); + + for (int i = 0; i < jsonArray.length(); i++) { + if (jsonArray.getJSONObject(i) + .optString("alg") + .contains(jsonObjectHeader.getString("alg"))) { + requiredJson = jsonArray.getJSONObject(i); + break; + } + } + + Logger.debug("Token validation with %s completed", + this.mResponse.request.configuration + .discoveryDoc.getJwksUri()); + + if (mException != null + || requiredJson == null + || !json.optString("error", + "") + .equals("") + || !jsonObjectHeader.getString("kid") + .equals(requiredJson.getString("kid")) + || !jsonObjectBody.getString("aud") + .equals(mResponse.request.clientId)) { + mCallback.onTokenValidationRequestCompleted(false, + mException); + return; + } + + long expirationTime = Long.parseLong(jsonObjectBody.getString("exp")) * M_SECS; + + if (expirationTime > System.currentTimeMillis()) { + mCallback.onTokenValidationRequestCompleted(true, + null); + } else { + mCallback.onTokenValidationRequestCompleted(false, + mException); + } + } else { + mCallback.onTokenValidationRequestCompleted(false, + mException); + + } + } catch (UnsupportedEncodingException | JSONException e) { + mCallback.onTokenValidationRequestCompleted(false, + mException); + } + } + } + + /** + * Callback interface for token validation endpoint. + * + * @see AuthorizationService#performTokenValidation + */ + public interface TokenValidationResponseCallback { + /** + * Invoked when the request completes successfully. + *

+ * Exactly one of `isTokenValid` or `ex` will be non-null. If `isTokenValid` is `null`, + * a failure occurred during the request. This can happen if a bad URI was provided, + * no connection to the server could be established, or the JSON was incomplete or + * incorrectly formatted. + * + * @param isTokenValid the boolean value which represents if a token is valid or not. + * @param ex a description of the failure, if one occurred: `null` otherwise. + * @see AuthorizationException.TokenRequestErrors + */ + void onTokenValidationRequestCompleted(boolean isTokenValid, + @Nullable AuthorizationException ex); + } + } From 6aafff5387c23ad0eb40e39591245cb1b0f62dac Mon Sep 17 00:00:00 2001 From: "tomararvindsingh09@gmail.com" Date: Tue, 19 Sep 2017 09:58:06 +0530 Subject: [PATCH 9/9] typos. --- .../openid/appauth/AuthorizationService.java | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/library/java/net/openid/appauth/AuthorizationService.java b/library/java/net/openid/appauth/AuthorizationService.java index 6d441807..60e53321 100644 --- a/library/java/net/openid/appauth/AuthorizationService.java +++ b/library/java/net/openid/appauth/AuthorizationService.java @@ -157,10 +157,9 @@ public void performAuthorizationRequest(@NonNull AuthorizationRequest request, * If the user cancels the authorization request, the provided * {@link PendingIntent cancel PendingIntent} will be invoked. */ - public void performAuthorizationRequest( - @NonNull AuthorizationRequest request, - @NonNull PendingIntent completedIntent, - @NonNull PendingIntent canceledIntent) { + public void performAuthorizationRequest(@NonNull AuthorizationRequest request, + @NonNull PendingIntent completedIntent, + @NonNull PendingIntent canceledIntent) { performAuthorizationRequest(request, completedIntent, canceledIntent, @@ -182,10 +181,9 @@ public void performAuthorizationRequest( * ensure that a warmed-up version of the browser will be used, * minimizing latency. */ - public void performAuthorizationRequest( - @NonNull AuthorizationRequest request, - @NonNull PendingIntent completedIntent, - @NonNull CustomTabsIntent customTabsIntent) { + public void performAuthorizationRequest(@NonNull AuthorizationRequest request, + @NonNull PendingIntent completedIntent, + @NonNull CustomTabsIntent customTabsIntent) { performAuthorizationRequest(request, completedIntent, null, @@ -319,9 +317,8 @@ public void performTokenRequest(@NonNull TokenRequest request, * Sends a request to the authorization service to dynamically register a client. * The result of this request will be sent to the provided callback handler. */ - public void performRegistrationRequest( - @NonNull RegistrationRequest request, - @NonNull RegistrationResponseCallback callback) { + public void performRegistrationRequest(@NonNull RegistrationRequest request, + @NonNull RegistrationResponseCallback callback) { checkNotDisposed(); Logger.debug("Initiating dynamic client registration %s", request.configuration.registrationEndpoint.toString());